Cyberthreats Become Disruption in Connecticut Schools

By Dan Corcoran

Connecticut school districts are increasingly becoming the target of cyber criminals and these attacks can become a major disruption in classrooms.

(Published Wednesday, Feb. 7, 2018)

Connecticut school districts are increasingly becoming the target of cybercriminals and these attacks can become a major disruption in classrooms.

Over the last several months, federal law enforcement officers are seeing a significant increase in cyberattacks aimed at local schools. These threats brought classroom learning to a standstill at some schools across the state.

"You can't get to your lesson plans. You can't do grading. You can't keep in communication," Holly Matthews, of Avon, who is an educator in another town, said. "It's unfortunate that our society has come to this."

"It's disturbing and it's concerning," Jill Garrity, a parent from Simsbury and former elementary school teacher, said. "It's disturbing to think that it could interfere with the advancements that education has made in terms of technology."

Avon Public Schools administrators sent parents an alert in December, notifying them that cyberattacks had shut down internet access across the district. That presented a problem because classrooms are now so dependent on technology. Many schools incorporate tablets, laptops, apps and Smart Boards into daily lesson plans.

"It seems like the objective is to really halt our productivity and to interrupt our instructional process and just make us come to a screeching halt," Dr. JeanAnn Paddyfote, the interim superintendent for Avon Public Schools, said.

Paddyfote said no personal data was compromised but another similar cyberattack occurred in early January.

The district's IT team strengthened firewalls, a security tool designed to keep cyberintruders out of school computer systems, in the wake of the 'DDoS' or 'Distributed Denial of Service' attacks, in which someone attempts to overwhelm a school computer server with more data than it can handle.

In Wallingford, the district was targeted by phishing e-mails urging staffers to release W-2 tax information and other personnel records. None was ever handed over, the district said. Email viruses, which spread spam to and from all employee email contacts, were also reported.

In Middletown last summer, the school district was dealing with ransomware, which threatens to publish personal data unless a ransom is paid. The district said no ransom was paid and that the affected server was decommissioned without any loss of data.

'DDoS' attacks, like what was reported in Avon, knocked out internet access in Meriden at least four different times over several months, according to the school district.

"There seems like there's just more and more of it - and there is," said Vanessa Richards, Assistant U.S. Attorney in the District of Connecticut who also serves as the Computer Hacking and Intellectual Property (CHIP) Coordinator for the U.S. Attorney's Office.

Richards said her office has received an increase in reports of school cyberthreats since summer 2017.

"Oftentimes they're targeting a school for the personal identifying information of the employees or the students," Richards said when asked why someone would target a school.

Some of these attacks have more serious consequences than just a disruption, like a scam that targeted employees of Glastonbury’s school district last year. Special agents from the FBI said that last year an email appearing to be from a school official requested W-2 information for the 1,600 employees in the school system. Agents said a district employee believed it was real and handed the personal data over. Daniel Adekunle Ojo, a 33-year old citizen of Nigeria in the U.S. on an expired visa, has since been arrested in that phishing scheme case.

Ojo was charged with conspiracy to commit wire fraud, an offense that carries a maximum term of imprisonment of 20 years, and aggravated identity theft, an offense that carries a mandatory consecutive term of imprisonment of at least two years, according to the U.S. Attorney's Office. The Troubleshooters requested an update from the U.S. Attorney’s Office about the case, but have not yet received a response.

The U.S. Department of Education has alerted schools nationwide to be prepared for cyberextortion and threats. Experts recommend updating computer systems and strengthening firewalls and anti-virus software.

Richards said cybertraining is critical, with school employees often the gatekeepers to so much personal information.

Culprits are difficult to track down, especially if they are overseas, she said.

Paddyfote has a message for whoever is behind the attacks in her district.

"Stop. Please stop," Paddyfote said. "And should we find out who you are, we will pursue it legally and financially."

Schools and school districts are not required to report all suspicious cyberactivity to law enforcement, but they are certainly urged to do so.

Federal education officials encourage IT staff at schools and school districts to protect themselves by:

- Conducting security audits to identify weaknesses and update/patch vulnerable systems;
- Ensuring proper audit logs are created and reviewed routinely for suspicious activity;
- Training staff and students on data security best practices and phishing/social engineering awareness; and
- Reviewing all sensitive data to verify that outside access is appropriately limited.See the responses from all the public school districts the NBC Connecticut Troubleshooters reached out to for this story below.
Avon Public Schools Inquiry: